Replaced use of service principal with identity

quickstart/201-k8s-cluster-with-tf-and-aks/main.tf

@@ -22,6 +22,10 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   resource_group_name = azurerm_resource_group.rg.name
   dns_prefix          = random_pet.azurerm_kubernetes_cluster_dns_prefix.id
 
+  identity {
+    type = "SystemAssigned"
+  }
+
   default_node_pool {
     name       = "agentpool"
     vm_size    = "Standard_D2_v2"
@@ -38,10 +42,4 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     network_plugin    = "kubenet"
     load_balancer_sku = "standard"
   }
-  service_principal {
-    client_id     = azuread_service_principal.app.application_id
-    client_secret = azuread_service_principal_password.app.value
-  }
-
-  depends_on = [time_sleep.wait_30_seconds]
 }

quickstart/201-k8s-cluster-with-tf-and-aks/readme.md

@@ -11,8 +11,6 @@ This template provisions an [AKS / Azure Kubernetes service (also known as a Man
 - [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config)
 - [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
 - [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/application)
-- [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal)
-- [azuread_service_principal_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal_password)
 - [azapi_resource](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource)
 - [azapi_resource_action](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/azapi_resource_action)
 

quickstart/201-k8s-cluster-with-tf-and-aks/sp.tf

@@ -1,43 +0,0 @@
-data "azurerm_client_config" "current" {}
-
-locals {
-  current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
-}
-
-# Create Azure AD app registration.
-resource "azuread_application" "app" {
-  display_name = "my-app"
-  owners       = [local.current_user_id]
-}
-
-# Create service principal.
-resource "azuread_service_principal" "app" {
-  application_id               = azuread_application.app.application_id
-  app_role_assignment_required = true
-  owners                       = [local.current_user_id]
-}
-
-# Create service principal password.
-resource "azuread_service_principal_password" "app" {
-  service_principal_id = azuread_service_principal.app.id
-}
-
-# Sleep for 30 seconds to allow for propagation
-# of the Service Principal creation before attempting
-# to create the AKS cluster.
-resource "time_sleep" "wait_30_seconds" {
-  create_duration = "30s"
-
-  depends_on = [azuread_service_principal_password.app]
-}
-
-# Output the service principal and password.
-output "sp" {
-  value     = azuread_service_principal.app.id
-  sensitive = true
-}
-
-output "sp_password" {
-  value     = azuread_service_principal_password.app.value
-  sensitive = true
-}